Topic: EDI Objectives


Purpose of report: This report describes the objectives for 2019 to 
2022 and outlines the progress made against them over the last year. 


Reason for report: For ET to comment on the agreed objectives and 
progress made before they are recommended to Management Board. 


Time required: 10 mins 


1. Background


1.1 The Equality Act 2010 places obligations on Public Authorities to 
provide equality of access to their services, and also requires them 
to establish objectives to continually improve the way in which 
those services are delivered in an inclusive manner. These 
objectives need to be reviewed periodically to ensure that they 
remain relevant. 


1.2 In 2019, the then E&D Committee proposed 4 Equality Objectives 
for the ICO for 2019-2022. These objectives aim to focus our 
actions on awareness raising and taking action to support those 
with protected characteristics; ensuring our services are accessible 
across the community; using our influence as a means of 
improving equality, diversity and inclusion in other organisations; 
and being a good, fair, inclusive and accessible employer. 


1.3 SLT agreed the objectives as follows:

• Spreading knowledge and taking action: We will raise
awareness of information rights across the community and
take action to ensure that organisations fulfil their
obligations. We will have particular focus on groups and
sectors where knowledge gaps may cause information rights
inequalities or vulnerabilities. We will ensure that in our
actions as a regulator we do not create inequalities or
discriminate.

• Accessible services: Our services and information will be
accessible for users and potential users of our services, and
we will provide our staff with the skills and knowledge they
need to provide high quality services for all. We will try to
anticipate customer needs and we will take action to remove
barriers to our services when possible.

• Encouraging others: We will use our status as a regulator,
advisory body and purchaser of services to influence
improvements in equality by other organisations and across
society.

• Employer: Our workplaces and practices will be accessible,
flexible, fair and inclusive. We will value the diversity, skills,
backgrounds and experience of our people, enabling them to
perform to their best in a welcoming and supportive
environment.


1.4 Annex 1 sets out the progress made against these objectives over
the last year.


Discussion


The EDI board reviewed the objectives in April and agreed that
they remain relevant and appropriate. They state that the
objectives continue to ensure that the ICO is an inclusive,
accessible and diverse regulator, service provider and employer.


2.2 They also believe that while significant progress has been made,
there are still further actions required to deliver against them in
their final year to 2022 and are planning to review their work
programme for the year ahead. The objectives as they stand allow
the space to further develop the plans and oversee activity across
the office without needing to be changed. For example, the EDI
board are developing a workstream to review social mobility within
the organisation and it is felt that this firmly sits under the
‘Employer’ objective.


2.3 In line with the objective tracking and annual business planning
process, the board will review the objectives again in the year
ahead, ready for their final review and delivery date in April 2022.
The upcoming independent EDI audit, which Diversity McKenzie
will commence in May, will significantly inform this work.


Summary of assurance provided 


This paper outlines the thinking of the EDI board and actions taken
against the objectives in the last year. It summarises the in-built
flexibility of the objectives to enable the board to continue to keep
their focus as well as increase their ambition and inform their work
programme.


Next steps 


The independent EDI audit due to start in May will lay the 
foundations for the review of our equality objectives as they reach 
the end of their life cycle in April 2022. 


Equality, diversity and inclusion considerations 


EDI considerations are fundamental to this paper and the 
assurance provided. By their very nature these objectives and the 
associated work plans are designed to have positive impacts for 
equality, diversity and inclusion. 


Consultation outcomes 


The EDI board has been leading this work, and the EDI network
chairs and their network members were consulted as the objectives and
outputs were reviewed.


Communications considerations 


The board provides scrutiny and oversight, and works collaboratively
with colleagues from across the office to further this work. Internal
communications support will be especially important to promote
the work to achieve these objectives, promote the work of the
networks and ensure that cross-office support and activity
continues.


7.2. External communications support, in line with our corporate
narrative, is also important, in particular to support upcoming
activity such as recruitment.


8. Alignment with values 


Ambitious - driving the pace and scale of EDI activity across the 
ICO, working towards stretching diversity targets and ambitious 
objectives. 


Collaboration - working with the EDI network chairs and across the 
office to achieve our equality objectives. 


Service Focused - taking action to support those with protected 
characteristics, ensuring our services are accessible across the 
community. 


Publication considerations 
9.1. This report can be published internally and externally. 


Consultees: Andrew Hubert, Michael Collins 


Annexes: Annex 1 


Annex 1 - Workplan progress summary for 2020/21 


Across the office a range of activities to support our objectives has been
taking place. An overview follows:


Objective 1: Spreading knowledge and taking action 


Over the past year Assurance (Supervision) have published a wide range
of supervisory guidance products designed to help organisations fulfil their
obligations for data protection. This includes a wide-ranging privacy
management programme (our accountability framework) for
organisations. It is a free-to-use resource that can benefit any size
organisation. It includes templates and collected resources to support
data protection compliance, reducing the need for smaller organisations to
rely on consultants and incur extra costs. The practical support also helps
to reduce inequalities that may arise as a result of knowledge gaps and
resources between organisations responsible for protecting people’s data.


We produced detailed guidance about how organisations should comply
with one of the most fundamental provisions of DP law - subject access
requests - helping ensure that organisations are informed on how to
ensure individuals can access their data. This includes guidance on dealing
with requests from disabled people and requests from children.


Early on in the pandemic we identified an issue relating to vulnerable
adults, power of attorney (PoA) and making your wishes clear regarding
your data in the absence of a PoA. At the start of the
pandemic people lost access to their usual support networks through
lockdown restrictions, leaving many elderly and disabled people without
support. We produced some guidance making it clear what information people
with PoAs should be able to access and we also produced guidance about
what individuals could do to make clear their wishes about who could access
their data in the absence of a PoA. We worked with the Law Society and
GMC on this to best understand the issues and to make sure relevant
professional bodies were aware of the guidance.


We also provided substantial feedback that went into the ICO’s response 
to government consultation on Data Strategy which included highlighting 
the potential for some proposals to discriminate against more vulnerable 
members of society. 


A communication and engagement plan is in development to raise 
awareness among children and parents of their data protection rights and 
the role of the children’s code in providing greater protection for their 
data online. This is particularly important as children are likely to need 
tailored information to understand and exercise their rights. We will be 
reaching out to these audiences before the end of the transition period 
this year, and have been working with a range of children’s 
representatives through our Children’s Advisory Panel to ensure we target 
this engagement appropriately. 


In our work in Tech and Innovation to promote and support privacy 
respectful innovation we have partnered with other organisations in 
projects to improve data protection practice in markets dealing with 
vulnerable groups. Examples include: 


• We mentored participants in the FCA Digital Sandbox Pilot looking
for ways to prevent frauds and scams and to improve the financial
resilience of vulnerable consumers.

• We supported innovators working with Nesta’s Rapid Recovery
Challenge to find solutions to problems encountered by those made
economically and financially vulnerable as a result of the pandemic.


The ICO’s chairing of the Global Privacy Assembly (GPA) has continually 
focussed on ensuring a diversity of contributors across all of the project’s 
workstreams since 2018. This means that the ICO has had to collect and 
reflect a range of views in its activity which reflect the cultural, legal and 
linguistic diversity from amongst the 132-strong membership, as well as 
ensuring gender balance in its output. Diversity has been constantly 
integrated into our approach in developing agendas and offering 
interpretation for the GPA events, creating a diverse GPA Executive 
Committee and the setup of a new GPA Reference Panel.


Objective 2: Accessible services 


Through our Grants programme we supported Connection at St Martin’s in
the Field in a project to engage with those experiencing homelessness to
better understand the challenges and barriers they faced in understanding
how their data was used. As well as producing high quality research into
the experience of individuals, the project delivered a practical and
accessible tool set designed around the needs of data subjects, informing
homeless people of their data rights and how to enforce them. It also
created an outreach process that will be shared across charity networks
experiencing similar challenges.


Following the success of this project, one of the categories in the third 
phase of our research grants programme asks for applications that target 
Data protection issues and solutions for vulnerable adults and 
communities. 


The Children’s code aims to provide additional protections to children,
who are likely to be less able to control or understand the ways in which
their data is being used. The code completed its parliamentary passage in
September 2020, and we are now in the twelve-month transition period
before the Code comes into force. We are working closely with ISS under
the scope of the code to ensure that they consider the best interests of
children as part of the design and functionality of their services, building
in high levels of protection by default.


Objective 3: Encouraging others 


Procurement are reviewing their process and EDI screenings will be 
routinely considered and undertaken where appropriate. Supporting 
documentation and guidance will be in place by 30 September 2021. We 
are also exploring further opportunities to ensure that our supply chain 
reflects our EDI posture. 


In our Regulatory Sandbox we undertook a project with Onfido to assist 
the development of mechanisms to combat inherent bias within AI, and 
to do so in a way that protects privacy. We have also supported a project 
with JISC looking to use sophisticated data analysis in order to support 
student mental health and wellbeing and potentially intervene with 
students that are vulnerable. 


In our work to support the development of GDPR Codes of Conduct we
have been working with The National Association of Child Contact Centres
as they develop their code. This code deals with child contact centres for
the children of separated families to have contact with their non-resident
parents / other family members, in a safe environment. Specific
‘supervised’ centres are used if there are concerns regarding the
safety of the children. Centre delivery ranges from medium sized charities
with full time staff, to small local community centres and church
halls. The contact centres need to have regularly updated advice and
support on compliance with personal data handling requirements. The
NACCC code of conduct is intended to provide assurance to users,
supporters, public, government bodies etc, that personal data handling in
this sector is maintained to the required standard.


Objective 4: Employer 


During 2020-21, the ICO’s EDI Board has focused on six distinct 
workstreams: 


• ICO People Policy Review
• Equality Impact Assessment Process Review
• Develop an EDI Training plan
• Improve our diversity data
• Commission an independent EDI audit
• Establish an ICO Corporate Social Identity


The focus of the Board is one of scrutiny and oversight of this work, with 
many of the EDI Board members chairing and/or attending sub-groups 
and working collaboratively with colleagues from across the office to 
further this work. 


ICO People Policy Review workstream 


Over the last 12 months, members of the EDI Board and Staff Network
groups have had the opportunity to comment upon a range of ICO people
(staff) related corporate policies. This has helped to ensure that the
policies are inclusive and take into account issues which may impact
upon people from different protected groups. The next steps are to work
with HR where there are potential gaps in the current policy suite.


Equality Impact Assessment process review 


The EDI Board reviewed the ICO’s Equality and Impact Assessment 
(EQIA) process to ensure that the process, template and guidance 
documents were fit for purpose, met equality legislation, adhered to the 
Public Sector Equality Duty and mirrored best practice. 


To ensure that the new EQIA process feels relevant to all ICO staff and to
help emphasise the importance of measuring and assessing the impact on
equality, the ICO has rebranded the EQIA process as the People Impact
Assessment (PIA) process. This mirrors developing best practice
approaches across both the public and private sectors.


Develop an EDI Training plan 


The focus for EDI training over the last 12 months has been delivery of
our existing mandatory Dignity, Diversity & Inclusion workshop, which all
ICO new starters attend, and introducing new courses, such as:


• Mental Health for People Managers
• Awareness of mental health and autistic spectrum disorder
• Interviewing and selection workshops
• World mental health day
• World suicide prevention day
• Menopause for colleagues
• Menopause for managers
• Mental Health for everyone
• Mental Health for managers


Improving our diversity data 


The EDI Board reviews the demographic information of the ICO’s staff on 
a regular basis and has established ambitions for how the ICO’s staffing 
profile will change in the next three years to March 2024. 


The EDI Board did not establish specific ambitions for the age or
religion/belief demographics for the ICO’s staff, though we wish to ensure
that our employment practices are as fair and inclusive as possible to
ensure that we are able to attract and retain people with different
characteristics.


It is worth noting that there has been some movement in the 
demographics of the organisation in the last 12 months with small 
increases in the percentage of ICO staff from an ethnic minority 
background and staff that declared they are disabled. Although there has 
been progress in that time, our ambitions are stretching and there is 
much further work to be done if we are to achieve them. An updated 
action plan to meet these targets is to be taken to our next EDI board in 
Q1 20/21. 


The EDI Board will continue to monitor this data and seek to identify 
opportunities to increase the diversity of our workforce. 


Commissioning an independent EDI audit 


As part of our continuing commitment to putting equality, diversity and
inclusion at the heart of everything we do, the EDI Board has
commissioned Diversity McKenzie to conduct an independent Equality
Audit to commence in May 2021.


The audit will cover: 


• Policies and Procedures
• Learning and Development/Training
• Equality Impact Analyses
• Inclusiveness of services we provide
• Inclusiveness of leadership
• Procurement Processes
• HR Processes
• Recruitment Processes
• Pay Equality
• Bullying and Harassment


To be successful, cross-office support and engagement will be required.
We are committed to publishing this report and anticipate that the
findings and recommendations will feed into the focus of the EDI Board
for 2021/22 and its future workplan.


The ICO Corporate Social Identity 


In 2020 the EDI Board commissioned a subgroup of the Board to focus on
the development of a corporate framework to promote, respond to and
engage with social and ethical issues, ensuring that the ICO is able to
quickly and appropriately respond to social and ethical issues that may
impact on staff, customers and stakeholders.


During this year, there has been a strong focus on the language we use 
across the organisation with guidance being issued on the terms 
‘whitelisting’ and ‘blacklisting’ and agreement to stop the use of the 
acronym BAME, instead to use ‘ethnic minority’. 


The corporate ‘Keeping it simple’ and ‘Writing to influence’ training has 
also been updated with these considerations in mind. 


There has been an increased focus on EDI communications internally, 
with more opportunities to share the work of the networks, raising the 
profile of the networks and engaging people in their activities. 


